/**
 * Builds the complete HTML for this form and returns it.
 *
 * Side effects visible in this method: a new token is appended to
 * $_SESSION['token'], $this->messages is either built or reset to false,
 * self::$instance is reset to false, and the 'onForm' hook is fired when a
 * render class instance is attached.
 *
 * NOTE(review): every value interpolated into the markup below
 * ($this->action, $this->method, $this->submit_value, field labels and
 * validation messages) is emitted without HTML escaping in this method.
 * Confirm that each of them is escaped, or can never carry request-derived
 * data, before it reaches this point.
 *
 * @return string the rendered form markup
 */
public function render()
{
    // A fresh anti-CSRF token is issued on every render and appended to the
    // session list; nothing in this method prunes older entries.
    // NOTE(review): the token's strength rests on Useful::randomString(),
    // which is not shown here - confirm it draws from a CSPRNG.
    if (!isset($_SESSION['token'])) {
        $_SESSION['token'] = array();
    }
    $_SESSION['token'][] = Useful::randomString(20);

    $fieldsHtml = '';
    $errorBanner = '';
    if (!$this->valid) {
        $errorBanner = '<p class="error">Sorry there were some errors in the form, problem fields have been highlighted</p>';
    }

    // Wrapper parts a field is allowed to override for itself.
    $overridable = array('close_field', 'close_html', 'open_field', 'open_html');

    // Set up front so the form-level wrappers exist even with no fields.
    $format = (object) $this->formats[$this->format];

    foreach ($this->fields as $name => $field) {
        // Start each field from the pristine format so one field's
        // overrides do not leak into the next.
        $format = (object) $this->formats[$this->format];

        if (isset($this->data[$name])) {
            $rendered = $field->returnField($name, $this->data[$name]);
        } else {
            $rendered = $field->returnField($name);
        }

        foreach ($overridable as $part) {
            if ($rendered['html'][$part] !== false) {
                $format->$part = $rendered['html'][$part];
            }
        }

        $fieldsHtml .= $format->open_field;

        if ($rendered['label']) {
            $fieldsHtml .= $format->open_html . $rendered['label'] . $format->close_html;
        }

        foreach ($rendered['messages'] as $message) {
            if ($this->message_type == 'inline') {
                $fieldsHtml .= $format->open_html
                    . '<p class="error">This field ' . $message . '</p>'
                    . $format->close_html;
            } else {
                $this->setMessages($message, $name);
            }

            // Only the first message is reported unless multiple errors
            // were requested.
            if (!$this->multiple_errors) {
                break;
            }
        }

        $fieldsHtml .= $format->open_html . $rendered['field'] . $format->close_html . $format->close_field;
    }

    if (empty($this->messages)) {
        $this->messages = false;
    } else {
        $this->buildMessages();
    }

    // The token embedded in the form is the one appended at the top.
    $lastIndex = count($_SESSION['token']) - 1;
    $csrfToken = $_SESSION['token'][$lastIndex];

    self::$instance = false;

    // $format still holds the last field's overrides here; only its
    // form-level wrappers are used below.
    $markup = <<<FORM
{$errorBanner}
{$this->messages}
<form class="form" action="{$this->action}" method="{$this->method}" enctype="multipart/form-data">
{$format->open_form}
{$format->open_form_body}
<input type="hidden" value="{$csrfToken}" name="token" />
{$fieldsHtml}
{$format->close_form_body}
{$format->open_submit}
<input type="submit" name="submit" value="{$this->submit_value}" />
{$format->close_submit}
{$format->close_form}
</form>
FORM;

    if ($this->render_class_instance) {
        // NOTE(review): if callHooks() takes its last argument by reference,
        // hooks can rewrite the markup returned below - confirm.
        Bites::callHooks(
            'onForm',
            $this->render_class_instance->module,
            $this->render_class_instance->view,
            false,
            $markup
        );
    }

    return $markup;
}
/**
 * Issues a new CSRF token for this form.
 *
 * The token is stored in the session under
 * $_SESSION["nibble_forms"]["_crsf_token"][<form name>], replacing any token
 * previously stored for the same form name, and is exposed to the form as a
 * hidden "_crsf_token" field carrying the same value.
 *
 * The "_crsf_token" spelling is a runtime key (session slot and field name)
 * and is kept exactly as written.
 *
 * NOTE(review): the token's strength rests on Useful::randomString(), which
 * is not shown here - confirm it draws from a CSPRNG, and that the code
 * validating the submitted token compares it in constant time.
 *
 * @return void
 */
private function setToken()
{
    $namespace = 'nibble_forms';
    $slot = '_crsf_token';

    // Make sure both nesting levels exist before writing the token.
    if (!isset($_SESSION[$namespace])) {
        $_SESSION[$namespace] = array();
    }
    if (!isset($_SESSION[$namespace][$slot])) {
        $_SESSION[$namespace][$slot] = array();
    }

    // One token per form name; issuing a new one overwrites the old one.
    $_SESSION[$namespace][$slot][$this->name] = Useful::randomString(20);

    // Carry the token in the form as a hidden field with the stored value.
    $this->addField($slot, 'hidden');
    $this->addData(array(
        $slot => $_SESSION[$namespace][$slot][$this->name],
    ));
}